CVE-2015-3415

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 24-04-2015 07:59

Last modified: - 16-08-2022 03:33

Total changes: - 2

Description

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

Reference

https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30
20150414 several issues in SQLite (+ catching up on several other bugs)-Mailing List, Third Party Advisory, VDB Entry
DSA-3252-Third Party Advisory
MDVSA-2015:217-Broken Link
USN-2698-1-Third Party Advisory
https://support.apple.com/HT205267
APPLE-SA-2015-09-30-3-Mailing List, Third Party Advisory
APPLE-SA-2015-09-21-1-Mailing List, Third Party Advisory
https://support.apple.com/HT205213
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
1033703-Third Party Advisory, VDB Entry
GLSA-201507-05-Third Party Advisory
RHSA-2015:1635-Third Party Advisory
74228-Third Party Advisory, VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Keywords

CVE-2015-3415

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-3415

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures